exploit-db-mirror/exploits/multiple/remote/52366.txt
Exploit-DB 08e51ef2f9 DB: 2025-07-17
2025-07-17 00:16:33 +00:00


# Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS
# Google Dork: inurl:/login?dst=
# Date: 2025-07-15
# Exploit Author: Prak Sokchea
# Vendor Homepage: https://mikrotik.com
# Software Link: https://mikrotik.com/download
# Version: RouterOS <= 7.19.1
# Tested on: MikroTik CHR 7.19.1
# CVE : CVE-2025-6563
# PoC:
# Visit the following URL while connected to the vulnerable MikroTik hotspot service:
# http://<target-ip>/login?dst=javascript:alert(3)
# The reflected XSS is triggered because the server-side logic does not properly sanitize the dst parameter.
# This vulnerability requires user interaction (visiting the link) and may be used in phishing or redirection attacks.
# Notes:
# This is a non-persistent reflected XSS. It is accepted due to the presence of a valid CVE (CVE-2025-6563),
# and has been acknowledged by MikroTik as a valid issue.
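
The defensive counterpart to the issue described above, as an added example that is not part of the advisory and not MikroTik's code: a server-side validator for a post-login redirect parameter such as dst, shown next to the weak behaviour the advisory describes (reflecting the value without a scheme check or output encoding). The function names, the fallback path /status and the allowlisted hostname are assumptions constructed for the example.

```python
"""Added example (not MikroTik's code): validating a post-login redirect
parameter such as ``dst`` before reflecting it into HTML.

Assumptions: the fallback path ``/status`` and the allowlist below are
constructed for the example; real deployments would use their own."""
import html
from urllib.parse import urlsplit

# Constructed allowlist of hosts an absolute redirect may point at.
ALLOWED_HOSTS = {"hotspot.example.net"}


def unsafe_redirect_link(dst: str) -> str:
    """Reflects dst into an anchor with no scheme check and no escaping.
    This is the class of behaviour the advisory describes, kept for contrast."""
    return f'<a href="{dst}">continue</a>'


def safe_redirect_target(dst: str, default: str = "/status") -> str:
    """Return dst only if it is a same-site relative path or an http(s) URL
    on an allowlisted host; anything else (javascript:, data:, protocol-
    relative //host, foreign hosts) falls back to ``default``."""
    if not dst:
        return default
    # Drop whitespace and control characters: browsers ignore them when
    # parsing a scheme, so "java\tscript:" would still run as javascript:.
    cleaned = "".join(ch for ch in dst if ch.isprintable() and not ch.isspace())
    parts = urlsplit(cleaned)  # urlsplit lowercases the scheme for us
    if parts.scheme == "" and parts.netloc == "":
        # Relative path: exactly one leading slash; "//host" and "/\host"
        # are interpreted as protocol-relative URLs by browsers.
        if cleaned.startswith("/") and not cleaned.startswith(("//", "/\\")):
            return cleaned
        return default
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return cleaned
    return default


def safe_redirect_link(dst: str) -> str:
    """Build the anchor from the validated target and HTML-escape it, so the
    value can neither change the scheme nor break out of the attribute."""
    target = html.escape(safe_redirect_target(dst), quote=True)
    return f'<a href="{target}">continue</a>'


if __name__ == "__main__":
    for sample in ("/status?x=1", "javascript:alert(3)", "//evil.example/x",
                   "http://hotspot.example.net/ok"):
        print(f"{sample!r:40} -> {safe_redirect_target(sample)!r}")
```

The two defences are independent: scheme and host validation stops the redirect target itself from being a script URL, and attribute escaping stops the value from breaking out of the href even if validation is later loosened. Keeping both means a change to one does not silently reopen the bug.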